 |
Moodle APIs
3.8
Moodle 3.8.6 (Build: 20201109)
|
|
Moodle APIs
3.8
Moodle 3.8.6 (Build: 20201109)
|
Lib functions. More...
Functions | |
| report_security_check_configrw ($detailed=false) | |
| Verifies config.php is not writable anymore after installation, config files were changed on several outdated server. More... | |
| report_security_check_cookiesecure ($detailed=false) | |
| Verifies if https enabled only secure cookies allowed, this prevents redirections and sending of cookies to unsecure port. More... | |
| report_security_check_crawlers ($detailed=false) | |
| Verifies web crawler (search engine) access not combined with disabled guest access because attackers might gain guest access by modifying browser signature. More... | |
| report_security_check_defaultuserrole ($detailed=false) | |
| Verifies sanity of default user role. More... | |
| report_security_check_displayerrors ($detailed=false) | |
| Verifies displaying of errors - problem for lib files and 3rd party code because we can not disable debugging in these scripts (they do not include config.php) More... | |
| report_security_check_emailchangeconfirmation ($detailed=false) | |
| Verifies email confirmation - spammers were changing mails very often. More... | |
| report_security_check_embed ($detailed=false) | |
| Verifies sloppy embedding - this should have been removed long ago!! More... | |
| report_security_check_frontpagerole ($detailed=false) | |
| Verifies sanity of frontpage role. More... | |
| report_security_check_guestrole ($detailed=false) | |
| Verifies sanity of guest role. More... | |
| report_security_check_mediafilterswf ($detailed=false) | |
| Verifies sloppy swf embedding - this should have been removed long ago!! More... | |
| report_security_check_noauth ($detailed=false) | |
| ============================================= More... | |
| report_security_check_nodemodules ($detailed=false) | |
| Check the presence of the node_modules directory. More... | |
| report_security_check_openprofiles ($detailed=false) | |
| Verifies open profiles - originally open by default, not anymore because spammer abused it a lot. More... | |
| report_security_check_passwordpolicy ($detailed=false) | |
| Verifies if password policy set. More... | |
| report_security_check_preventexecpath ($detailed=false) | |
| Verifies the status of preventexecpath. More... | |
| report_security_check_riskadmin ($detailed=false) | |
| Lists all admins. More... | |
| report_security_check_riskbackup ($detailed=false) | |
| Lists all roles that have the ability to backup user data, as well as users. More... | |
| report_security_check_riskxss ($detailed=false) | |
| Lists all users with XSS risk, it would be great to combine this with risk trusts in user table, unfortunately nobody implemented user trust UI yet :-(. More... | |
| report_security_check_unsecuredataroot ($detailed=false) | |
| Verifies fatal misconfiguration of dataroot. More... | |
| report_security_check_vendordir ($detailed=false) | |
| Check the presence of the vendor directory. More... | |
| report_security_check_webcron ($detailed=false) | |
| Verifies the status of web cron. More... | |
| report_security_doc_link ($issue, $name) | |
| report_security_get_issue_list () | |
| report_security_hide_timearning () | |
Variables | |
| const | REPORT_SECURITY_CRITICAL 'critical' |
| const | REPORT_SECURITY_INFO 'info' |
| const | REPORT_SECURITY_OK 'ok' |
| const | REPORT_SECURITY_SERIOUS 'serious' |
| const | REPORT_SECURITY_WARNING 'warning' |
Lib functions.
@subpackage security
1.8.20